Purpose of HIPAA Administrative Simplification

Presentation transcript:

Purpose of HIPAA Administrative Simplification * 07/16/96

“to improve ... the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.” –from the statute


Security/Privacy Services

A group of related services that, together, facilitate the integrity, confidentiality, interoperability and automation of healthcare information exchange in a SOA-based healthcare IT environment.
They address issues of entity authentication, authorization, access control and accountability.
Owned by Security TC, but…
Cross discipline, cross domain approach.

Scope and Purpose

Security-as-a-Service within an SOA-oriented architecture implies the decomposition and decoupling of complex security processes that are typically integrated across infrastructure and applications into a set of encapsulated, loosely-coupled security/privacy services.


Why do we care?

Encourages the deployment of interoperable services and applications
Reduces the cost of application development
Facilitates the automation of certain healthcare business processes

Scenario: Clinician Needs Patient Data

From viewpoint of Requestor/Recipient - Requesting:
  Where is the patient data?
  Who’s the custodian?
  In what format can the data be sent?
  What courier services are available?
  How do I submit a request?
From viewpoint of Healthcare Information Custodian:
  Who is requesting the data?
  Why should I let them see it?
  Do the Requestor’s privileges match my Policy?
Courier Service:
  Deliver to intended recipient
  Don’t allow tampering
  Maintain confidentiality
From viewpoint of Requestor/Recipient - Receiving:
  Who sent it?
  Do I trust them?
  Has it been tampered with?
  Can I understand what the Author intended to say?

Functional Capabilities

To include security/privacy functionality essential to enable or facilitate interoperability and automation including identity management, trust management, privilege and access management, auditing, etc.
These would be as constrained as possible while still providing a complementary set of security services.
Identity and credentials of a resource requestor that can be authenticated must be transported to a resource access decision point where appropriate authorization policy is applied, an access control decision is enforced and all required audit events are recorded.
Confidentiality of PHI is maintained at all times.

Example – Open Source EHR-S Function

[Figure: layered stack diagram. Labels, in the order they appear: HL7 EHR-S Function I.1.6 Basic NHIN Access; Healthcare Applications/Components; Trust Registry; Healthcare Framework; Directory Access; Trust Network; Authentication; Privacy; Communications; Cross Industry Framework; Identity Management; Security/Encryption; Audit Services; Eclipse Base Framework; Execution Environment; Operating System; Computer Hardware.]

Example – Vendor ePrescription Sub-Profile

Vendors use the Healthcare Framework to build specialized profiles and applications like ePrescribing.
Installable Eclipse “plug-ins” encapsulate the functions required to support profiles and applications.

[Figure: layered stack diagram. Labels, in the order they appear: Operating System; Computer Hardware; Healthcare Applications/Components; Execution Environment; Eclipse Base Framework; Cross Industry Framework; Healthcare Framework; HL7 EHR-S Function DC.1.3.1 ePrescribe; Trust Registry; Identity Management; Trust Network; HL7 Messaging; UI - RCP; Directory Access; ePrescription; Practice Management Components; EHR System Components; Payer Services; HL7 Vocabulary; Advanced XML Processing; Security/Encryption; Privacy; Audit Services; Communications; Authentication.]

Overview—Conceptual Healthcare Service Architecture

[Figure: Healthcare Service Bus (HSB) diagram of a Health Information Network. Labels, in the order they appear: Infrastructure Services; Interoperability Services; Patient Information Services; Public Health Information Services; Provider Registry; Security Management; HL7 V3; Healthcare Information Exchange; Electronic Health Record (EHR); Outbreak Management; Patient Resolution; Privacy Management; Terminology; De-Identified Patient Data Warehouse; Personal Health Record (PHR); Public Health Reporting; Service Registry; Community Management; Document Processing; Public Health Services; Pharmacy System; Radiology Center PACS/RIS; Lab System (LIS); Hospital, LTC, CCC, EPR; Physician Office EMR; EHR Viewer. Point of service users: Public Health Provider; Pharmacist; Radiologist; Lab Clinician; Physician/Provider. Other labels: HSB Access Node; HSB Support Services; Representative HIN Services; Representative Commercial Services. Legend: Open HealthIT Core Initiative; "R" marks Open HealthIT Reference Implementation.]

Overview--Healthcare Service Architecture

[Figure: reduced view of the Healthcare Service Bus diagram. Labels, in the order they appear: Health Information Network; Healthcare Information Exchange; Physician Office EMR; Physician/Provider; POINT OF SERVICE; HSB Access Node; HSB Support Services; Representative HIN Services; Representative Commercial Services. Legend: Open HealthIT Core Initiative; "R" marks Open HealthIT Reference Implementation.]

Open Health IT - HSB Messaging Stack

[Figure: protocol stack diagram. Labels, in the order they appear: Intranet Healthcare Services; Browser; Healthcare Applications; HSB Support Services; Healthcare Process Model & Execution Engine; E-mail; Local Healthcare Services; xHIN Protocols; SOAP; HTTP; HTTP-S/MIME; Healthcare Service Bus; TCP/IP; Network Hardware.]


xHIN Identity Transport

[Figure: nested message envelope diagram. Labels, in the order they appear: Transport Envelope (http, smtp, file, …); SOAP Envelope; SOAP Header; wss:Security; Sender ID + Structural Role; Policy-based (Tier 0) Web Service Access Decision; Digital Signature (transport); SAML Assertion: Role; Sender Functional Role; Encrypted (transport); SAML Assertion: Other; Sender Other; Other; Policy-based (Tier 1) Target Object Access Decision; SOAP Body; Query; Encrypted (transport, optional); Document; Other.]

xHIN – extensible Health Information Network™

The xHIN technology represents both an architecture and a set of functional specifications that exhibits two essential attributes:
  the ability to facilitate automation of clinical and business processes, and
  high extensibility—the ease with which xHIN-based health information networks can be deployed, expanded and enhanced.

Security/Privacy Services

May include:
  Integrity
  Confidentiality
  Identity Management
  Access Control/Privilege Management
    Access Decision Service
    Access Policy Provisioning Service
  Audit
  Privacy
  Security
  Entity Registry Service
    Facilitates the location of an entity’s PKI information and other information required to accomplish the exchange of healthcare information.
  Credential Authentication Service
  Credential Binding Service
    Credentials may be bound to an Identity
  Trust Correlation Service
  De-identification, Re-identification, Pseudonymization

Entity Registry Service

PKI identity services for entities are likely to be provided by many different parties: private, commercial and government.
The Entity Registry Service facilitates the location of an entity’s PKI information and other information required to accomplish the exchange of healthcare information.
The entity data may be maintained by an Identity Provider.
This service may leverage the EIS.

Access Control/Privilege Management

Access Decision Service
  Taking into account asserted identity/credentials, target resource and other factors, returns a decision allowing or denying access to the target resource.
  May leverage Identity Authentication and Credential Authentication Services
Access Policy Provisioning
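
The flow in the Functional Capabilities and Access Decision Service slides, sketched with the Tier 0 / Tier 1 split named on the xHIN Identity Transport slide. This is an added example, not code from the presentation or from Open HealthIT. The policy tables, role names, field names and class names are assumptions, and signature and assertion verification is assumed to have happened upstream.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy tables (assumptions; the slides define no concrete policy).
# Tier 0: structural roles allowed to invoke each web service.
TIER0_SERVICE_POLICY = {"PatientRecordQuery": {"physician", "pharmacist"},
                        "PrescriptionSubmit": {"physician"}}
# Tier 1: functional roles allowed to perform an action on a target object type.
TIER1_OBJECT_POLICY = {("lab-result", "read"): {"attending-physician"},
                       ("medication-list", "read"): {"dispensing-pharmacist"}}

@dataclass(frozen=True)
class Request:
    sender_id: str
    structural_role: str   # carried with the sender ID (Tier 0 input)
    functional_role: str   # carried in the role assertion (Tier 1 input)
    service: str
    object_type: str
    action: str
    authenticated: bool    # outcome of upstream credential authentication

@dataclass
class AccessDecisionService:
    audit_log: list = field(default_factory=list)

    def _evaluate(self, req):
        if not req.authenticated:
            return "Deny", "credentials not authenticated"
        # Unknown services and objects fall through to an empty set: default deny.
        if req.structural_role not in TIER0_SERVICE_POLICY.get(req.service, set()):
            return "Deny", "tier0: structural role not allowed for service"
        allowed = TIER1_OBJECT_POLICY.get((req.object_type, req.action), set())
        if req.functional_role not in allowed:
            return "Deny", "tier1: functional role not allowed for object"
        return "Permit", "tier0 and tier1 policy satisfied"

    def decide(self, req):
        decision, reason = self._evaluate(req)
        # Record every decision, permit or deny; the entry holds no PHI.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(), "sender_id": req.sender_id,
            "service": req.service, "target": f"{req.object_type}:{req.action}",
            "decision": decision, "reason": reason})
        return decision

# Three constructed requests against the same service and target object.
def run_constructed_requests():
    ads = AccessDecisionService()
    base = ("PatientRecordQuery", "lab-result", "read")
    reqs = [Request("dr-a", "physician", "attending-physician", *base, True),
            Request("rx-b", "pharmacist", "dispensing-pharmacist", *base, True),
            Request("dr-c", "physician", "attending-physician", *base, False)]
    return [ads.decide(r) for r in reqs], ads.audit_log
```

The pharmacist request passes the service-level check but is denied at the object level, which is the case the two-tier split exists to catch.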

Next Steps

Reference/Resource Compilation
Mailing List
Telecon Schedule
Sub-service Prioritization
Initial Drafts

Eclipse OHF Architecture Overview

[Figure: Eclipse platform plug-in architecture. Labels, in the order they appear: Internet; Display Devices; Eclipse; Healthcare; Automotive; Telecom; Runtime; UI Workbench; Services; Non-core Services and Plug-ins; Business Intelligence and Modeling; Resources; JFace; Data Tools; SWT; Basic XML Services; Development Tools; Help; Update; Text; Other Plug-ins as needed; Dynamic Code/Schema Management; Rules Processing; Smart Token Support; Security (OSGi); Wireless Support; Metering; Eclipse Core; Windows or Linux OS; Computer Hardware. Legend: Class of Plug-ins; Plug-in Communication Channel.]

Eclipse OHF Architecture Overview

[Figure: Eclipse platform plug-in architecture with the Open Healthcare Framework added. Labels, in the order they appear: Internet; Display Devices; Eclipse; Healthcare Applications; Runtime; Open Healthcare Framework; UI Workbench; Services; Non-core Services and Plug-ins; Business Intelligence and Modeling; Resources; JFace; Data Tools; SWT; Basic XML Services; Development Tools; Voice Services Support; XML Processing; Other Plug-ins as needed; EHR Support; HIPAA Support; Trust-based Network Support; Help; Update; Text; Administrative Tools; Web Service Support; Dynamic Code/Schema Management; Rules Processing; Smart Token Support; Security (OSGi); Wireless Support; Metering; Eclipse Core; Windows or Linux OS; Computer Hardware. Legend: Class of Plug-ins; Plug-in Communication Channel.]

Eclipse OHF Architecture Overview

[Figure: Eclipse platform plug-in architecture with healthcare applications on top of the Open Healthcare Framework. Labels, in the order they appear: Internet; Display Devices; ePrescription; Knowledge Services; Training; Clinical Testing; Practice Management; CCR Client; Clinical Data Capture Support; Telecom Services; Payer Services; Administrative Support; Dictation/Transcription; Patient Services; Registry Services; Trust Services Support; Applications; Voice Services Support; XML Processing; Other Plug-ins as needed; EHR Support; HIPAA Support; Trust-based Network Support; Administrative Tools; Web Service Support; Open Healthcare Framework; Dynamic Code/Schema Management; Rules Processing; Wireless Support; Smart Token Support; Security (OSGi); Metering; Eclipse Core; Windows or Linux OS; Computer Hardware. Legend: Class of Plug-ins; Plug-in Communication Channel.]